| CVE-2017-14378 | critical | 10.0 | 10.0 | | | emc | 9y ago | EMC RSA Authentication Agent API 8.5 for C and RSA Authentication Agent SDK 8.6 for C allow attackers to bypass authentication, aka an "Error Handling Vulnerability." |
| CVE-2017-8020 | critical | 9.8 | 9.8 | | | emc | 9y ago | An issue was discovered in EMC ScaleIO 2.0.1.x. A buffer overflow vulnerability in the SDBG service may potentially allow a remote unauthenticated attacker to execute arbitrary commands with root pri… |
| CVE-2017-8019 | high | 7.5 | 7.5 | | | emc | 9y ago | An issue was discovered in EMC ScaleIO 2.0.1.x. A vulnerability in message parsers (MDM, SDS, and LIA) could potentially allow an unauthenticated remote attacker to send specifically crafted packets … |
| CVE-2017-14379 | medium | 5.4 | 5.4 | | | emc | 9y ago | EMC RSA Authentication Manager before 8.2 SP1 P6 has a cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. |
| CVE-2017-14376 | high | 7.8 | 7.8 | | | emc | 9y ago | EMC AppSync Server prior to 3.5.0.1 contains database accounts with hardcoded passwords that could potentially be exploited by malicious users to compromise the affected system. |
| CVE-2017-14375 | critical | 9.8 | 9.8 | | | dellemc | 9y ago | EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to 8.4.0.15, EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.15, EMC VASA Virtual Appliance versions prior to 8.4.0.512,… |
| CVE-2017-14373 | medium | 6.1 | 6.1 | | | emc | 9y ago | EMC RSA Authentication Manager 8.2 SP1 P4 and earlier contains a reflected cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. |
| CVE-2017-10955 | high | 8.8 | 8.8 | | | emc | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection Advisor 6.3.0. Authentication is required to exploit this vulnerability. The sp… |
| CVE-2017-8022 | high | 8.1 | 8.1 | | | emc | 9y ago | An issue was discovered in EMC NetWorker (prior to 8.2.4.9, all supported 9.0.x versions, prior to 9.1.1.3, prior to 9.2.0.4). The Server service (nsrd) is affected by a buffer overflow vulnerability… |
| CVE-2017-8025 | high | 7.4 | 7.4 | | | emc | 9y ago | RSA Archer GRC Platform prior to 6.2.0.5 is affected by an arbitrary file upload vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to upload malicious files … |
| CVE-2017-8017 | medium | 6.1 | 6.1 | | | emc | 9y ago | EMC Network Configuration Manager (NCM) 9.3.x, 9.4.0.x, 9.4.1.x, and 9.4.2.x is affected by a reflected cross-site scripting Vulnerability that could potentially be exploited by malicious users to co… |
| CVE-2017-8016 | medium | 5.4 | 5.4 | | | emc | 9y ago | RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in… |
| CVE-2017-8018 | high | 7.5 | 7.5 | | | emc | 9y ago | EMC AppSync host plug-in versions 3.5 and below (Windows platform only) includes a denial of service (DoS) vulnerability that could potentially be exploited by malicious users to compromise the affec… |
| CVE-2017-8015 | critical | 9.8 | 9.8 | | | emc | 9y ago | EMC AppSync (all versions prior to 3.5) contains a SQL injection vulnerability that could potentially be exploited by malicious users to compromise the affected system. |
| CVE-2017-3757 | high | 7.8 | 7.8 | | | emc | 9y ago | An unquoted service path vulnerability was identified in the driver for the ElanTech Touchpad, various versions, used on some Lenovo brand notebooks (not ThinkPads). This could allow an attacker with… |
| CVE-2017-8006 | medium | 5.9 | 5.9 | | | emc | 9y ago | In EMC RSA Authentication Manager 8.2 SP1 Patch 1 and earlier, a malicious user logged into the Self-Service Console of RSA Authentication Manager as a target user can use a brute force attack to att… |
| CVE-2017-8005 | medium | 5.4 | 5.4 | | | emcrsa | 9y ago | The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle… |
| CVE-2017-8004 | high | 7.2 | 7.2 | | | emcrsa | 9y ago | The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle … |
| CVE-2017-8000 | medium | 4.8 | 4.8 | | | emc | 9y ago | In EMC RSA Authentication Manager 8.2 SP1 and earlier, a malicious RSA Security Console Administrator could craft a token profile and store the profile name in the RSA Authentication Manager database… |
| CVE-2017-8003 | medium | 4.9 | 4.9 | | | emc | 9y ago | EMC Data Protection Advisor prior to 6.4 contains a path traversal vulnerability. A remote authenticated high privileged user may potentially exploit this vulnerability to access unauthorized informa… |
| CVE-2017-8002 | high | 8.8 | 8.8 | | | emc | 9y ago | EMC Data Protection Advisor prior to 6.4 contains multiple blind SQL injection vulnerabilities. A remote authenticated attacker may potentially exploit these vulnerabilities to gain information about… |
| CVE-2017-4976 | critical | 9.8 | 9.8 | | | emc | 9y ago | EMC ESRS Policy Manager prior to 6.8 contains an undocumented account (OpenDS admin) with a default password. A remote attacker with the knowledge of the default password may login to the system and … |
| CVE-2017-5002 | medium | 6.1 | 6.1 | | | emc | 9y ago | EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrar… |
| CVE-2017-5001 | medium | 4.3 | 4.3 | | | emc | 9y ago | EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exp… |
| CVE-2017-5000 | medium | 4.3 | 4.3 | | | emc | 9y ago | EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exp… |
| CVE-2017-4999 | medium | 6.5 | 6.5 | | | emc | 9y ago | EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an authorization bypass through user-controlled key vulnerability in Discussion Forum Messages. A remote low privile… |
| CVE-2017-4998 | high | 8.8 | 8.8 | | | emc | 9y ago | EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is potentially affected by a cross-site request forgery vulnerability. A remote low privileged attacker may potentially exploit the… |
| CVE-2017-4990 | critical | 9.8 | 9.8 | | | emc | 9y ago | In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously … |
| CVE-2017-4989 | critical | 9.8 | 9.8 | | | emc | 9y ago | In EMC Avamar Server Software 7.3.1-125, 7.3.0-233, 7.3.0-226, 7.2.1-32, 7.2.1-31, 7.2.0-401, an unauthenticated remote attacker may potentially bypass the authentication process to gain access to th… |
| CVE-2017-4986 | medium | 5.3 | 5.3 | | | emc | 9y ago | EMC ESRS VE 3.18 or earlier contains Authentication Bypass that could potentially be exploited by malicious users to compromise the affected system. |
| CVE-2017-5004 | medium | 5.4 | 5.4 | | | emcrsa | 9y ago | EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) v… |
| CVE-2017-5003 | medium | 6.1 | 6.1 | | | emcrsa | 9y ago | EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) v… |
| CVE-2017-4982 | critical | 9.8 | 9.8 | | | emc | 9y ago | EMC Mainframe Enablers ResourcePak Base versions 7.6.0, 8.0.0, and 8.1.0 contains a fix for a privilege management vulnerability that could potentially be exploited by malicious users to compromise t… |
| CVE-2017-4977 | high | 7.0 | 7.0 | | | emc | 9y ago | EMC RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52 contain a sensitive information disclosure vulnerability that could potentially be exploi… |
| CVE-2016-6650 | high | 7.5 | 7.5 | | | emc | 9y ago | EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0 have an SSL Stripping Vulnerability that may potentially be exploited by malicious users to comp… |
| CVE-2017-2765 | critical | 9.8 | 9.8 | | | emc | 9y ago | EMC Isilon InsightIQ 4.1.0, 4.0.1, 4.0.0, 3.2.2, 3.2.1, 3.2.0, 3.1.1, 3.1.0, 3.0.1, 3.0.0 is affected by an authentication bypass vulnerability that could potentially be exploited by attackers to com… |
| CVE-2017-2768 | critical | 9.8 | 9.8 | | | emc | 10y ago | EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x contai… |
| CVE-2017-2767 | critical | 9.8 | 9.8 | | | emc | 10y ago | EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x contai… |
| CVE-2017-2766 | critical | 9.8 | 9.8 | | | emc | 10y ago | EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom version prior to 7.4.5 P04, EMC Documentum eRoom version prior to 7.5.0 P01 includes an unverified pas… |
| CVE-2016-9873 | medium | 6.3 | 6.3 | | | emc | 10y ago | EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has a DQL Injection Vulnerability that could potentially be exploited by malicious users to compromise the affected system. An authenti… |
| CVE-2016-9872 | medium | 6.1 | 6.1 | | | emc | 10y ago | EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has Reflected Cross-Site Scripting Vulnerabilities that could potentially be exploited by malicious users to compromise the affected sy… |
| CVE-2016-6649 | medium | 6.7 | 6.7 | | | emc | 10y ago | EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by multiple command injection vulnerabilities where a malicious administrator with … |
| CVE-2016-6648 | medium | 4.4 | 4.4 | | | emc | 10y ago | EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by sensitive information disclosure vulnerability as a result of incorrect permissi… |
| CVE-2016-0890 | medium | 6.4 | 6.4 | | | emc | 10y ago | EMC PowerPath Virtual (Management) Appliance 2.0, EMC PowerPath Virtual (Management) Appliance 2.0 SP1 is affected by a sensitive information disclosure vulnerability that may potentially be exploite… |
| CVE-2016-8215 | medium | 6.1 | 6.1 | | | emc | 10y ago | EMC RSA Security Analytics 10.5.3 and 10.6.2 contains fixes for a Reflected Cross-Site Scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. |
| CVE-2016-8214 | medium | 6.7 | 6.7 | | | emc | 10y ago | EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3.0 and 7.3.1 contain a vulnerability that may allow malicious administrators to compromise Avamar servers. |
| CVE-2016-8213 | medium | 6.1 | 6.1 | | | emc | 10y ago | EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P… |
| CVE-2016-9869 | medium | 5.5 | 5.5 | | | emc | 10y ago | An issue was discovered in EMC ScaleIO versions before 2.0.1.1. Incorrect permissions on the SCINI driver may allow a low-privileged local attacker to modify the configuration and render the ScaleIO … |
| CVE-2016-9868 | medium | 5.5 | 5.5 | | | emc | 10y ago | An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may cause a denial-of-service by generating a kernel panic in the SCINI driver using IOCTL calls which … |
| CVE-2016-9867 | high | 8.8 | 8.8 | | | emc | 10y ago | An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may be able to modify the kernel memory in the SCINI driver and may achieve code execution to escalate … |
| CVE-2016-0909 | high | 8.4 | 8.4 | | | emc | 10y ago | EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3 and older contain a vulnerability that may expose the Avamar servers to potentially be compromised by malicious users. |
| CVE-2016-6646 | critical | 9.8 | 9.8 | | | dellemc | 10y ago | The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote attackers to execute arbitrary co… |
| CVE-2016-6645 | high | 8.8 | 8.8 | | | dellemc | 10y ago | The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote authenticated users to execute ar… |
| CVE-2016-0913 | critical | 9.8 | 9.8 | | | emc | 10y ago | The client in EMC Replication Manager (RM) before 5.5.3.0_01-PatchHotfix, EMC Network Module for Microsoft 3.x, and EMC Networker Module for Microsoft 8.2.x before 8.2.3.6 allows remote RM servers to… |
| CVE-2016-6647 | medium | 5.4 | 5.4 | | | emc | 10y ago | Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2016-0918 | medium | 4.3 | 4.3 | | | emc | 10y ago | EMC RSA Identity Management and Governance before 6.8.1 P25 and 6.9.x before 6.9.1 P15 and RSA Via Lifecycle and Governance before 7.0.0 P04 allow remote authenticated users to obtain User Detail Pop… |
| CVE-2016-0925 | medium | 5.4 | 5.4 | | | emc | 10y ago | Cross-site scripting (XSS) vulnerability in the Case Management application in EMC RSA Adaptive Authentication (On-Premise) before 6.0.2.1.SP3.P4 HF210, 7.0.x and 7.1.x before 7.1.0.0.SP0.P6 HF50, an… |
| CVE-2016-0921 | medium | 6.5 | 6.5 | | | emc | 10y ago | Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use weak permissions for unspecified directories, which allows local users to obtain root access by repl… |
| CVE-2016-0920 | high | 7.8 | 7.8 | | | emc | 10y ago | Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root access via a crafted parameter to a command that is available in the su… |
| CVE-2016-0917 | critical | 9.8 | 9.8 | | | emc | 10y ago | The SMB service in EMC VNXe (VNXe3200 Operating Environment prior to 3.1.5.8711957 and VNXe3100/3150/3300 Operating Environment prior to 2.4.4.22638), VNX1 File OE before 7.1.80.3, VNX2 File OE befor… |
| CVE-2016-0905 | medium | 6.7 | 6.7 | | | emc | 10y ago | Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root privileges by leveraging admin access and entering a sudo command. |
| CVE-2016-0904 | high | 8.6 | 8.6 | | | emc | 10y ago | Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use the same encryption key across different customers' installations, which allows remote attackers to … |
| CVE-2016-0903 | critical | 9.1 | 9.1 | | | emc | 10y ago | Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 rely on client-side authentication, which allows remote attackers to spoof clients and read backup data … |
| CVE-2016-6643 | medium | 6.1 | 6.1 | | | emc | 10y ago | Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2016-6642 | medium | 6.1 | 6.1 | | | emc | 10y ago | Cross-site request forgery (CSRF) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to hijack the authentication of administrators for requests that upload files. |
| CVE-2016-6641 | high | 7.6 | 7.6 | | | emc | 10y ago | Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2016-0922 | critical | 9.8 | 9.8 | | | emc | 10y ago | EMC ViPR SRM before 3.7.2 does not restrict the number of password-authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force guessing attack. |
| CVE-2016-6644 | medium | 5.3 | 5.3 | | | emc | 10y ago | EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows remote attackers to read arbitrary Docbase documents by leveraging knowledge of an r_object_id value. |
| CVE-2016-0915 | high | 8.1 | 8.1 | | | emc | 10y ago | The Self-Service Portal in EMC RSA Authentication Manager (AM) Prime Self-Service 3.0 and 3.1 before 3.1 1915.42871 allows remote authenticated users to cause a denial of service (PIN change for an a… |
| CVE-2016-0906 | high | 8.8 | 8.8 | | | emc | 10y ago | The web-restore interface in Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar through 7.1.2 and 7.2.x through 7.2.1 allows remote authenticated users to read or delete directori… |
| CVE-2016-0899 | medium | 6.3 | 6.3 | | | emc | 10y ago | EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated users to read the web.config.bak file, and obtain sensitive credential information, by modifying the IIS configuration to set a Con… |
| CVE-2016-0914 | medium | 6.3 | 6.3 | | | emc | 10y ago | EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, Documentum Administrator 7.x before 7.2 Patch 13, Documentum Capital Projects 1.9 before Patch 23 and 1.10 before Patch 10, and Do… |
| CVE-2016-0916 | critical | 9.8 | 9.8 | | | emc | 10y ago | EMC NetWorker 8.2.1.x and 8.2.2.x before 8.2.2.6 and 9.x before 9.0.0.6 mishandles authentication, which allows remote attackers to execute arbitrary commands by leveraging access to a different NetW… |
| CVE-2016-0902 | medium | 5.3 | 5.3 | | | emc | 10y ago | CRLF injection vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified … |
| CVE-2016-0901 | medium | 6.1 | 6.1 | | | emc | 10y ago | Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulne… |
| CVE-2016-0900 | medium | 6.1 | 6.1 | | | emc | 10y ago | Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulne… |
| CVE-2016-0895 | medium | 4.3 | 4.3 | | | emc | 10y ago | EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to conduct clickjacking attacks via web-site elements with crafted transparency or opacity. |
| CVE-2016-0894 | medium | 6.3 | 6.3 | | | emc | 10y ago | EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to bypass intended object access restrictions via a modified parameter. |
| CVE-2016-0893 | medium | 4.3 | 4.3 | | | emc | 10y ago | EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to obtain sensitive information by reading error messages. |
| CVE-2016-0892 | medium | 6.1 | 6.1 | | | emc | 10y ago | Cross-site scripting (XSS) vulnerability in EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2016-0891 | high | 8.8 | 9.8 | EXP | | emc | 10y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in administrative pages in EMC ViPR SRM before 3.7 allow remote attackers to hijack the authentication of administrators. |
| CVE-2016-0888 | high | 8.8 | 8.8 | | | emc | 10y ago | EMC Documentum D2 before 4.6 lacks intended ACLs for configuration objects, which allows remote authenticated users to modify objects via unspecified vectors. |
| CVE-2016-0886 | medium | 4.3 | 4.3 | | | emc | 10y ago | EMC Documentum xCP 2.1 before patch 24 and 2.2 before patch 12 allows remote authenticated users to obtain sensitive user-account metadata via a members/xcp_member API call. |
| CVE-2016-0882 | medium | 5.4 | 5.4 | | | emc | 11y ago | EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to read arbitrary files via a POST request containing an XML external entity declaration in conjunctio… |
| CVE-2016-0881 | medium | 6.5 | 6.5 | | | emc | 11y ago | EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and obtain sensitive repository informati… |
| CVE-2015-6852 | medium | 4.3 | 4.3 | | | emc | 11y ago | Directory traversal vulnerability in the API in EMC Secure Remote Services Virtual Edition 3.x before 3.10 allows remote authenticated users to read log files via a crafted parameter. |
| CVE-2015-6850 | high | 8.4 | 8.4 | | | emc | 11y ago | EMC VPLEX GeoSynchrony 5.4 SP1 before P3 and 5.5 before Patch 1 has a default password for the root account, which allows local users to gain privileges by leveraging a login session. |
| CVE-2015-6849 | high | — | 7.8 | | | emc | 11y ago | EMC NetWorker before 8.0.4.5, 8.1.x before 8.1.3.6, 8.2.x before 8.2.2.2, and 9.0 before build 407 allows remote attackers to cause a denial of service (process outage) via malformed RPC authenticati… |
| CVE-2015-6847 | low | — | 2.1 | | | emc | 11y ago | The default configuration of EMC VPLEX GeoSynchrony 5.4 SP1 before P3 stores cleartext NAVISPHERE GUI passwords in a log file, which allows local users to obtain sensitive information by reading this… |
| CVE-2015-6846 | medium | — | 6.8 | | | emc | 11y ago | EMC SourceOne Email Supervisor before 7.2 uses hardcoded encryption keys, which makes it easier for attackers to obtain access by examining how a program's code conducts cryptographic operations. |
| CVE-2015-6845 | high | — | 7.5 | | | emc | 11y ago | EMC SourceOne Email Supervisor before 7.2 does not properly employ random values for session IDs, which makes it easier for remote attackers to obtain access by guessing an ID. |
| CVE-2015-6844 | medium | — | 4.3 | | | emc | 11y ago | Cross-site scripting (XSS) vulnerability in Reviewer in EMC SourceOne Email Supervisor before 7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2015-6843 | medium | — | 5.0 | | | emc | 11y ago | Reviewer in EMC SourceOne Email Supervisor before 7.2 does not properly limit attempts to authenticate, which makes it easier for remote attackers to obtain access via a brute-force approach. |
| CVE-2015-4546 | high | — | 7.8 | | | emc | 11y ago | Directory traversal vulnerability in EMC RSA OneStep 6.9 before build 559, as used in RSA Certificate Manager and RSA Registration Manager through 6.9 build 558 and other products, allows remote atta… |
| CVE-2015-4543 | medium | — | 4.0 | | | emc | 11y ago | EMC RSA Archer GRC 5.x before 5.5.3 uses cleartext for stored passwords in unspecified circumstances, which allows remote authenticated users to obtain sensitive information by reading database field… |
| CVE-2015-4542 | medium | — | 6.5 | | | emc | 11y ago | EMC RSA Archer GRC 5.x before 5.5.3 allows remote authenticated users to bypass intended access restrictions, and read or modify Discussion Forum Fields messages, via unspecified vectors. |
| CVE-2015-4541 | low | — | 3.5 | | | emc | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer GRC 5.x before 5.5.3 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2015-4540 | low | — | 3.5 | | | emc | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Identity Management & Governance (IMG) before 6.8.1 P18 and 6.9.x before 6.9.1 P6 allow remote authenticated users to inject arbitrary w… |
| CVE-2015-4539 | medium | — | 4.3 | | | emc | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Identity Management & Governance (IMG) before 7.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vector… |
| CVE-2015-4544 | critical | — | 9.0 | | | emc | 11y ago | EMC Documentum Content Server before 7.1P20 and 7.2.x before 7.2P04 does not properly verify authorization for dm_job object access, which allows remote authenticated users to obtain superuser privil… |